IT Security and Insecurity Portal

my friends why no one give me help

Posted: Mon Apr 02, 2012 9:57 am
sql_hacking
Regular user
Joined: Mar 27, 2012
Posts: 6

I want to know how to skip the union+select filter. Why does no one give me any suggestion about that, and why does no one help? Please help me, my friends.

why no one ...

Posted: Fri Apr 06, 2012 9:13 pm
Alfraid
Beginner
Joined: Apr 06, 2012
Posts: 2

Because everyone is busy preparing for the heavenly calm Easter holiday...
As for the solution: use base64 or gzip. But if you see a filter, there are probably other filters, so none of the eval-implementing functions will work...

Posted: Fri Apr 06, 2012 11:02 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Bypassing IPS/IDS needs advanced skills and lots of testing and thinking.
And if you find, for example, a way to fool the mod_security anti-SQL-injection filter, then you have 0-day information, which will have to be kept secret.
If such filter-bypassing tricks become public, then a patched version will soon come out and you are back at square one.
By the way, I can suggest a good whitepaper on a related area:
"Beyond SQLi: Obfuscate and Bypass"
http://www.exploit-db.com/papers/17934/
All times are GMT